<?php
session_start();
include("load-settings.php");

if(!isset($_SESSION['user']))
	header("Location: login.php");

$user = mysql_real_escape_string($_SESSION['user']);
$result = mysql_query("SELECT * FROM user WHERE id = $user");
$row = mysql_fetch_array($result);

if($row['type'] != 2)
	header("Location: home.php");

$id = mysql_real_escape_string($_POST['id']);
$amount = mysql_real_escape_string($_POST['amount']);
$paypal = mysql_real_escape_string($_POST['paypal']);

$result = mysql_query("SELECT * FROM payment WHERE id = $id");

if(mysql_num_rows($result) == 0)
	header("Location: masspay.php");

mysql_query("UPDATE payment SET amount = $amount, paypal = '$paypal' WHERE id = $id");

header("Location: masspay.php");

?>